cms_scanner 0.0.37.9 → 0.0.37.10

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 51512e1c22d92caefdd529903641464e1773f5a0
4
- data.tar.gz: 1347eebde5a09c12a85a68d6183c6483ef94065c
3
+ metadata.gz: 1916be2912eec9204b9acf8c0cb4d145e7f7dd76
4
+ data.tar.gz: 4235cf913d353741905ba1ba5e4114d5fa2a7316
5
5
  SHA512:
6
- metadata.gz: cc50993c008256b054b070e52a247063147a4d5c0230c13c59bc76dcc8bd1472e4f7c15aa244944bbfaa1fd9fea4272419925cac28973394a66e1a97d552c484
7
- data.tar.gz: 9bad381206895359dd2c28a2df3f37b990e9b41ee14006190aab5fcbbd1140fd1d83ee5fa26cdff3c34de9c4d9f51fa7527a8ce959a968036c38f5d004cdce0b
6
+ metadata.gz: 16f5b5dd3ab709a33330650979255ee639d757a93c7c1b15c9e27b20b16fc7e91b09cef99bd6c4b218fe592b904e32ca549f9cbe4952be5129b3d23e8c9dcb45
7
+ data.tar.gz: c0825cfe663eb1ae87bfa8fc27eaf9f489cad2400eb64a22fcb2f15cc5bf69b6ae9886c856fba7430b9bd51609c9b3367f2360a0e9b0f8ae15028217c02942a4
@@ -8,12 +8,12 @@ module CMSScanner
8
8
  [
9
9
  OptURL.new(['-u', '--url URL', 'The URL to scan'], required: true, default_protocol: 'http'),
10
10
  OptBoolean.new(['--ignore-main-redirect', 'Ignore the main redirect if any and scan the target url']),
11
- OptBoolean.new(%w(-v --verbose)),
11
+ OptBoolean.new(%w[-v --verbose]),
12
12
  OptFilePath.new(['-o', '--output FILE', 'Output to FILE'], writable: true, exists: false),
13
13
  OptChoice.new(['-f', '--format FORMAT',
14
14
  'Output results in the format supplied'], choices: formats),
15
15
  OptChoice.new(['--detection-mode MODE'],
16
- choices: %w(mixed passive aggressive),
16
+ choices: %w[mixed passive aggressive],
17
17
  normalize: :to_sym,
18
18
  default: :mixed),
19
19
  OptArray.new(['--scope DOMAINS',
@@ -24,9 +24,7 @@ module CMSScanner
24
24
 
25
25
  # @return [ Array<OptParseValidator::OptBase> ]
26
26
  def cli_browser_options
27
- [
28
- OptString.new(['--user-agent VALUE', '--ua']),
29
- OptString.new(['--vhost VALUE', 'The virtual host (Host header) to use in requests']),
27
+ cli_browser_headers_options + [
30
28
  OptBoolean.new(['--random-user-agent', '--rua',
31
29
  'Use a random user-agent for each scan']),
32
30
  OptFilePath.new(['--user-agents-list FILE-PATH',
@@ -43,6 +41,15 @@ module CMSScanner
43
41
  ] + cli_browser_proxy_options + cli_browser_cookies_options + cli_browser_cache_options
44
42
  end
45
43
 
44
+ # @return [ Array<OptParseValidator::OptBase> ]
45
+ def cli_browser_headers_options
46
+ [
47
+ OptString.new(['--user-agent VALUE', '--ua']),
48
+ OptHeaders.new(['--headers HEADERS', 'Additional headers to append in requests']),
49
+ OptString.new(['--vhost VALUE', 'The virtual host (Host header) to use in requests'])
50
+ ]
51
+ end
52
+
46
53
  # @return [ Array<OptParseValidator::OptBase> ]
47
54
  def cli_browser_proxy_options
48
55
  [
@@ -7,7 +7,7 @@ module CMSScanner
7
7
  OptChoice.new(
8
8
  ['--interesting-findings-detection MODE',
9
9
  'Use the supplied mode for the interesting findings detection. '],
10
- choices: %w(mixed passive aggressive),
10
+ choices: %w[mixed passive aggressive],
11
11
  normalize: :to_sym
12
12
  )
13
13
  ]
@@ -13,7 +13,7 @@ module CMSScanner
13
13
 
14
14
  # @param [ CMSScanner::Target ] target
15
15
  def initialize(target)
16
- %w(Headers RobotsTxt FantasticoFileslist SearchReplaceDB2 XMLRPC).each do |f|
16
+ %w[Headers RobotsTxt FantasticoFileslist SearchReplaceDB2 XMLRPC].each do |f|
17
17
  finders << NS::Finders::InterestingFindings.const_get(f).new(target)
18
18
  end
19
19
  end
@@ -22,13 +22,13 @@ module CMSScanner
22
22
 
23
23
  # @return [ Array<String> ] Downcased known headers
24
24
  def known_headers
25
- %w(
25
+ %w[
26
26
  age accept-ranges cache-control content-encoding content-length content-type connection date
27
27
  etag expires keep-alive location last-modified link pragma set-cookie strict-transport-security
28
28
  transfer-encoding vary x-cache x-content-security-policy x-content-type-options
29
29
  x-frame-options x-language x-permitted-cross-domain-policies x-pingback x-varnish
30
30
  x-webkit-csp x-xss-protection
31
- )
31
+ ]
32
32
  end
33
33
 
34
34
  def eql?(other)
@@ -32,20 +32,24 @@ Gem::Specification.new do |s|
32
32
  s.executables = s.files.grep(%r{^bin/}) { |f| File.basename(f) }
33
33
  s.require_path = 'lib'
34
34
 
35
- s.add_dependency 'typhoeus', '~> 1.1.0'
36
- s.add_dependency 'nokogiri', '~> 1.7.1'
35
+ s.add_dependency 'typhoeus', '~> 1.3.0'
36
+ s.add_dependency 'nokogiri', '~> 1.8.0'
37
37
  s.add_dependency 'yajl-ruby', '~> 1.3.0' # Better JSON parser regarding memory usage
38
- s.add_dependency 'addressable', '~> 2.5.0'
39
- s.add_dependency 'activesupport', '~> 5.0.1'
40
- s.add_dependency 'public_suffix', '~> 2.0.3'
38
+ s.add_dependency 'public_suffix', '~> 3.0.0'
41
39
  s.add_dependency 'ruby-progressbar', '~> 1.8.1'
42
- s.add_dependency 'opt_parse_validator', '~> 0.0.13.5'
40
+ s.add_dependency 'opt_parse_validator', '~> 0.0.13.7'
41
+
42
+ # Already required by opt_parse_validator
43
+ # so version restriction loosen to avoid potential future conflicts
44
+ s.add_dependency 'addressable', '~> 2.5'
45
+ s.add_dependency 'activesupport', '~> 5.0'
43
46
 
44
47
  s.add_development_dependency 'rake', '~> 12.0'
45
- s.add_development_dependency 'rspec', '~> 3.5.0'
48
+ s.add_development_dependency 'rspec', '~> 3.6.0'
46
49
  s.add_development_dependency 'rspec-its', '~> 1.2.0'
47
50
  s.add_development_dependency 'bundler', '~> 1.6'
48
- s.add_development_dependency 'rubocop', '~> 0.47.1'
51
+ s.add_development_dependency 'rubocop', '~> 0.50.0'
49
52
  s.add_development_dependency 'webmock', '~> 1.22.0'
50
- s.add_development_dependency 'simplecov', '~> 0.12.0' # Can't update to 0.13 as it breaks coveralls dep
53
+ s.add_development_dependency 'simplecov', '~> 0.14.0' # Can't update to 0.15 as it breaks coveralls dep
54
+ s.add_development_dependency 'coveralls', '~> 0.8.0'
51
55
  end
@@ -1,4 +1,5 @@
1
1
  # coding: utf-8
2
+
2
3
  lib = File.expand_path('../lib', __FILE__)
3
4
  $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
5
 
@@ -33,9 +34,9 @@ Gem::Specification.new do |s|
33
34
  s.executables = s.files.grep(%r{^bin/}) { |f| File.basename(f) }
34
35
  s.require_path = 'lib'
35
36
 
36
- s.add_dependency 'yajl-ruby', '~> 1.3.0' # Better JSON parser regarding memory usage
37
+ s.add_dependency 'yajl-ruby', '~> 1.3' # Better JSON parser regarding memory usage
37
38
  s.add_dependency 'cms_scanner', '~> 0.0.37.5'
38
- s.add_dependency 'activesupport', '~> 5.0.0.1' # Not sure if needed there as already needed in the CMSScanner
39
+ s.add_dependency 'activesupport', '~> 5.0'
39
40
  # DB dependencies
40
41
  s.add_dependency 'dm-core', '~> 1.2.0'
41
42
  s.add_dependency 'dm-migrations', '~> 1.2.0'
@@ -48,7 +48,7 @@ module CMSScanner
48
48
  params = {
49
49
  # Disable SSL-Certificate checks, see http://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYHOST.html
50
50
  ssl_verifypeer: false, ssl_verifyhost: 0,
51
- headers: { 'User-Agent' => user_agent },
51
+ headers: { 'User-Agent' => user_agent }.merge(headers || {}),
52
52
  accept_encoding: 'gzip, deflate',
53
53
  method: :get
54
54
  }
@@ -1,21 +1,22 @@
1
1
  module CMSScanner
2
2
  # Options available in the Browser
3
3
  class Browser
4
- OPTIONS = [
5
- :cache_ttl,
6
- :cookie_jar,
7
- :cookie_string,
8
- :connect_timeout,
9
- :http_auth,
10
- :max_threads,
11
- :proxy,
12
- :proxy_auth,
13
- :random_user_agent,
14
- :request_timeout,
15
- :throttle,
16
- :user_agent,
17
- :user_agents_list,
18
- :vhost
4
+ OPTIONS = %i[
5
+ cache_ttl
6
+ cookie_jar
7
+ cookie_string
8
+ connect_timeout
9
+ headers
10
+ http_auth
11
+ max_threads
12
+ proxy
13
+ proxy_auth
14
+ random_user_agent
15
+ request_timeout
16
+ throttle
17
+ user_agent
18
+ user_agents_list
19
+ vhost
19
20
  ].freeze
20
21
 
21
22
  attr_accessor(*OPTIONS)
@@ -15,7 +15,7 @@ module CMSScanner
15
15
  # @param [ Symbol ] mode :mixed, :passive or :aggressive
16
16
  # @return [ Array<Symbol> ] The symbols to call for the mode
17
17
  def symbols_from_mode(mode)
18
- symbols = [:passive, :aggressive]
18
+ symbols = %i[passive aggressive]
19
19
 
20
20
  return symbols if mode.nil? || mode == :mixed
21
21
  symbols.include?(mode) ? [*mode] : []
@@ -51,7 +51,7 @@ module CMSScanner
51
51
  caller_locations.each do |call|
52
52
  label = call.label
53
53
 
54
- next unless label == 'aggressive' || label == 'passive'
54
+ next unless %w[aggressive passive].include? label
55
55
 
56
56
  return "#{titleize} (#{label.capitalize} Detection)"
57
57
  end
@@ -8,7 +8,7 @@ module CMSScanner
8
8
  super(base)
9
9
  end
10
10
 
11
- FINDING_OPTS = [:confidence, :confirmed_by, :references, :found_by, :interesting_entries].freeze
11
+ FINDING_OPTS = %i[confidence confirmed_by references found_by interesting_entries].freeze
12
12
 
13
13
  attr_accessor(*FINDING_OPTS)
14
14
 
@@ -2,7 +2,7 @@
2
2
  class Numeric
3
3
  # @return [ String ] A human readable string of the value
4
4
  def bytes_to_human
5
- units = %w(B KB MB GB TB)
5
+ units = %w[B KB MB GB TB]
6
6
  e = abs.zero? ? abs : (Math.log(abs) / Math.log(1024)).floor
7
7
  s = format('%.3f', (abs.to_f / 1024**e))
8
8
 
@@ -7,7 +7,7 @@ module CMSScanner
7
7
  module ClassMethods
8
8
  # @return [ Array<Symbol> ]
9
9
  def references_keys
10
- @references_keys ||= [:cve, :secunia, :osvdb, :exploitdb, :url, :metasploit, :packetstorm, :securityfocus]
10
+ @references_keys ||= %i[cve secunia osvdb exploitdb url metasploit packetstorm securityfocus]
11
11
  end
12
12
  end
13
13
 
@@ -62,7 +62,7 @@ module CMSScanner
62
62
  # @yield [ String, Nokogiri::XML::Element ] The url and its associated tag
63
63
  #
64
64
  # @return [ Array<String> ] The absolute URLs detected in the response's body from the HTML tags
65
- def urls_from_page(page = nil, xpath = '//link|//script|//style|//img|//a', attributes = %w(href src))
65
+ def urls_from_page(page = nil, xpath = '//link|//script|//style|//img|//a', attributes = %w[href src])
66
66
  page = NS::Browser.get(url(page)) unless page.is_a?(Typhoeus::Response)
67
67
  found = []
68
68
 
@@ -22,7 +22,7 @@ module CMSScanner
22
22
  # @yield [ String, Nokogiri::XML::Element ] The in scope url and its associated tag
23
23
  #
24
24
  # @return [ Array<String> ] The in scope absolute URLs detected in the response's body
25
- def in_scope_urls(res, xpath = '//link|//script|//style|//img|//a', attributes = %w(href src))
25
+ def in_scope_urls(res, xpath = '//link|//script|//style|//img|//a', attributes = %w[href src])
26
26
  found = []
27
27
 
28
28
  urls_from_page(res, xpath, attributes) do |url, tag|
@@ -1,4 +1,4 @@
1
1
  # Version
2
2
  module CMSScanner
3
- VERSION = '0.0.37.9'.freeze
3
+ VERSION = '0.0.37.10'.freeze
4
4
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cms_scanner
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.37.9
4
+ version: 0.0.37.10
5
5
  platform: ruby
6
6
  authors:
7
7
  - WPScanTeam
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-04-21 00:00:00.000000000 Z
11
+ date: 2017-09-16 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: typhoeus
@@ -16,28 +16,28 @@ dependencies:
16
16
  requirements:
17
17
  - - "~>"
18
18
  - !ruby/object:Gem::Version
19
- version: 1.1.0
19
+ version: 1.3.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - "~>"
25
25
  - !ruby/object:Gem::Version
26
- version: 1.1.0
26
+ version: 1.3.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: nokogiri
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
31
  - - "~>"
32
32
  - !ruby/object:Gem::Version
33
- version: 1.7.1
33
+ version: 1.8.0
34
34
  type: :runtime
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - "~>"
39
39
  - !ruby/object:Gem::Version
40
- version: 1.7.1
40
+ version: 1.8.0
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: yajl-ruby
43
43
  requirement: !ruby/object:Gem::Requirement
@@ -53,75 +53,75 @@ dependencies:
53
53
  - !ruby/object:Gem::Version
54
54
  version: 1.3.0
55
55
  - !ruby/object:Gem::Dependency
56
- name: addressable
56
+ name: public_suffix
57
57
  requirement: !ruby/object:Gem::Requirement
58
58
  requirements:
59
59
  - - "~>"
60
60
  - !ruby/object:Gem::Version
61
- version: 2.5.0
61
+ version: 3.0.0
62
62
  type: :runtime
63
63
  prerelease: false
64
64
  version_requirements: !ruby/object:Gem::Requirement
65
65
  requirements:
66
66
  - - "~>"
67
67
  - !ruby/object:Gem::Version
68
- version: 2.5.0
68
+ version: 3.0.0
69
69
  - !ruby/object:Gem::Dependency
70
- name: activesupport
70
+ name: ruby-progressbar
71
71
  requirement: !ruby/object:Gem::Requirement
72
72
  requirements:
73
73
  - - "~>"
74
74
  - !ruby/object:Gem::Version
75
- version: 5.0.1
75
+ version: 1.8.1
76
76
  type: :runtime
77
77
  prerelease: false
78
78
  version_requirements: !ruby/object:Gem::Requirement
79
79
  requirements:
80
80
  - - "~>"
81
81
  - !ruby/object:Gem::Version
82
- version: 5.0.1
82
+ version: 1.8.1
83
83
  - !ruby/object:Gem::Dependency
84
- name: public_suffix
84
+ name: opt_parse_validator
85
85
  requirement: !ruby/object:Gem::Requirement
86
86
  requirements:
87
87
  - - "~>"
88
88
  - !ruby/object:Gem::Version
89
- version: 2.0.3
89
+ version: 0.0.13.7
90
90
  type: :runtime
91
91
  prerelease: false
92
92
  version_requirements: !ruby/object:Gem::Requirement
93
93
  requirements:
94
94
  - - "~>"
95
95
  - !ruby/object:Gem::Version
96
- version: 2.0.3
96
+ version: 0.0.13.7
97
97
  - !ruby/object:Gem::Dependency
98
- name: ruby-progressbar
98
+ name: addressable
99
99
  requirement: !ruby/object:Gem::Requirement
100
100
  requirements:
101
101
  - - "~>"
102
102
  - !ruby/object:Gem::Version
103
- version: 1.8.1
103
+ version: '2.5'
104
104
  type: :runtime
105
105
  prerelease: false
106
106
  version_requirements: !ruby/object:Gem::Requirement
107
107
  requirements:
108
108
  - - "~>"
109
109
  - !ruby/object:Gem::Version
110
- version: 1.8.1
110
+ version: '2.5'
111
111
  - !ruby/object:Gem::Dependency
112
- name: opt_parse_validator
112
+ name: activesupport
113
113
  requirement: !ruby/object:Gem::Requirement
114
114
  requirements:
115
115
  - - "~>"
116
116
  - !ruby/object:Gem::Version
117
- version: 0.0.13.5
117
+ version: '5.0'
118
118
  type: :runtime
119
119
  prerelease: false
120
120
  version_requirements: !ruby/object:Gem::Requirement
121
121
  requirements:
122
122
  - - "~>"
123
123
  - !ruby/object:Gem::Version
124
- version: 0.0.13.5
124
+ version: '5.0'
125
125
  - !ruby/object:Gem::Dependency
126
126
  name: rake
127
127
  requirement: !ruby/object:Gem::Requirement
@@ -142,14 +142,14 @@ dependencies:
142
142
  requirements:
143
143
  - - "~>"
144
144
  - !ruby/object:Gem::Version
145
- version: 3.5.0
145
+ version: 3.6.0
146
146
  type: :development
147
147
  prerelease: false
148
148
  version_requirements: !ruby/object:Gem::Requirement
149
149
  requirements:
150
150
  - - "~>"
151
151
  - !ruby/object:Gem::Version
152
- version: 3.5.0
152
+ version: 3.6.0
153
153
  - !ruby/object:Gem::Dependency
154
154
  name: rspec-its
155
155
  requirement: !ruby/object:Gem::Requirement
@@ -184,14 +184,14 @@ dependencies:
184
184
  requirements:
185
185
  - - "~>"
186
186
  - !ruby/object:Gem::Version
187
- version: 0.47.1
187
+ version: 0.50.0
188
188
  type: :development
189
189
  prerelease: false
190
190
  version_requirements: !ruby/object:Gem::Requirement
191
191
  requirements:
192
192
  - - "~>"
193
193
  - !ruby/object:Gem::Version
194
- version: 0.47.1
194
+ version: 0.50.0
195
195
  - !ruby/object:Gem::Dependency
196
196
  name: webmock
197
197
  requirement: !ruby/object:Gem::Requirement
@@ -212,14 +212,28 @@ dependencies:
212
212
  requirements:
213
213
  - - "~>"
214
214
  - !ruby/object:Gem::Version
215
- version: 0.12.0
215
+ version: 0.14.0
216
+ type: :development
217
+ prerelease: false
218
+ version_requirements: !ruby/object:Gem::Requirement
219
+ requirements:
220
+ - - "~>"
221
+ - !ruby/object:Gem::Version
222
+ version: 0.14.0
223
+ - !ruby/object:Gem::Dependency
224
+ name: coveralls
225
+ requirement: !ruby/object:Gem::Requirement
226
+ requirements:
227
+ - - "~>"
228
+ - !ruby/object:Gem::Version
229
+ version: 0.8.0
216
230
  type: :development
217
231
  prerelease: false
218
232
  version_requirements: !ruby/object:Gem::Requirement
219
233
  requirements:
220
234
  - - "~>"
221
235
  - !ruby/object:Gem::Version
222
- version: 0.12.0
236
+ version: 0.8.0
223
237
  description: Framework to provide an easy way to implement CMS Scanners
224
238
  email:
225
239
  - team@wpscan.org